package com.webchat.admin.filter;

import com.webchat.common.bean.APIResponseBean;
import com.webchat.common.bean.APIResponseBeanUtil;
import com.webchat.common.exception.AuthException;
import com.webchat.rmi.user.AccessApplicationServiceClient;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.util.List;

/**
 * @Author: 程序员七七
 * @Date: 16.11.21 11:26 下午
 */
@Slf4j
@Order(-6)
@WebFilter(filterName = "oauthFilter", urlPatterns = {"/api/*"})
@Component
public class ApiAuthFilter implements Filter {

    @Autowired
    private AccessApplicationServiceClient accessApplicationServiceClient;


    @Value("#{'${un-auth.url}'.split(',')}")
    private List<String> unAuthorizedUrls;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String url = request.getRequestURI();
        if (isWhiteUrl(url)) {
            filterChain.doFilter(request, servletResponse);
            return;
        }
        /**
         * 走 AK、SK 认证
         */
        String ak = request.getHeader("access-key");
        String sk = request.getHeader("secret-key");
        if (StringUtils.isBlank(ak) || StringUtils.isBlank(sk)) {
            throw new AuthException("无权限");
        }
        APIResponseBean<Boolean> apiResponseBean = accessApplicationServiceClient.checkAkSk(ak, sk);
        if (APIResponseBeanUtil.isOk(apiResponseBean) && ObjectUtils.equals(true, apiResponseBean.getData())) {
            filterChain.doFilter(request, servletResponse);
            return;
        }
        throw new AuthException("无权限");
    }

    /**
     * 是否白名单接口，不需要走AKSK认证
     *
     * @param url
     * @return
     */
    private boolean isWhiteUrl(String url) {

        if (CollectionUtils.isNotEmpty(unAuthorizedUrls)) {
            for (String unAuthorizedUrl : unAuthorizedUrls) {
                if (url.startsWith(unAuthorizedUrl)) {
                    return true;
                }
            }
        }
        return false;
    }

    @Override
    public void destroy() {

    }
}
